Analysis Overview
SHA256
5fd92591686e26c40015c3227f43e3405181fd9eddff6fa10588715510898719
Threat Level: Likely malicious
The file a1518f6dafb754ebdeaf5c6981e61d29_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Queries information about running processes on the device
Requests dangerous framework permissions
Makes use of the framework's foreground persistence service
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Queries the unique device ID (IMEI, MEID, IMSI)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 16:25
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 16:25
Reported
2024-06-12 16:28
Platform
android-x86-arm-20240611.1-en
Max time kernel
176s
Max time network
130s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p3.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p3.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.nicole.sdkmoon
com.nicole.sdkmoon:dog_service
com.nicole.sdkmoon:dog_service
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.teapot-1364008328/p4.jar --output-vdex-fd=65 --oat-fd=70 --oat-location=/storage/emulated/0/.teapot-1364008328/oat/x86/p4.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.teapot-1364008328/p3.jar --output-vdex-fd=63 --oat-fd=70 --oat-location=/storage/emulated/0/.teapot-1364008328/oat/x86/p3.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.teapot-1364008328/p1.jar --output-vdex-fd=57 --oat-fd=70 --oat-location=/storage/emulated/0/.teapot-1364008328/oat/x86/p1.odex --compiler-filter=quicken --class-loader-context=&
com.nicole.sdkmoon:proxy_service
ls -l /system/xbin/su
com.nicole.sdkmoon:proxy_service
com.nicole.sdkmoon:proxy_service
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | adlayt.cfglab.com | udp |
| US | 64.91.248.18:80 | adlayt.cfglab.com | tcp |
| US | 1.1.1.1:53 | ww12.cfglab.com | udp |
| US | 75.2.81.221:80 | ww12.cfglab.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | hot.xsech.xyz | udp |
| US | 54.244.188.177:80 | hot.xsech.xyz | tcp |
| US | 1.1.1.1:53 | tk.adtsk.mobi | udp |
| US | 44.200.43.61:80 | tk.adtsk.mobi | tcp |
| US | 54.244.188.177:80 | hot.xsech.xyz | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
Files
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | f9ddfd44303490a35a9b04434abb3ed6 |
| SHA1 | 0e89cd415c59aca42a5bd5f87217a6f3d21a77d3 |
| SHA256 | 64c897fa16f0748164437f61bbb2fff80bb4063b8683f2cd6ead55f8b918bd67 |
| SHA512 | e896c2c19f18d6c497c3d739897e9c28300950e379e1dff55f9ae3cbdd685b7ac7ccf895db55a6b906d27e17fff15309d5d4d64dd30e048c33aaf371d8dc2a5c |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-wal
| MD5 | 50c3c9d0c1e6754a7b198751b07f1dc4 |
| SHA1 | 7ad24546bf1af597f2a363a34293bd00382f4ceb |
| SHA256 | 3da45441f3df06ef24a9d1982c10e0edbec8b99f8b59b945bba6f88868931110 |
| SHA512 | 748e0ef88fce9e7f894a6ed874f354f96b2d06a7cbaf5b6df8e5dbfb740fdb87d956718acf3e283b77828dd3f3aa78509c5afd5c5060fc272e0e333e8ab3c25e |
/storage/emulated/0/.teapot-1364008328/p1.jar
| MD5 | f4343d42a561922d590624d07c4d139f |
| SHA1 | 81451ea5e1818ff8ffbb51c62cd638e56ace92fa |
| SHA256 | 408f47b2a45858c418b1277d962ba4c7b0a88fa7729915ab96818a58a695c472 |
| SHA512 | 23401825d8a24a7aa28eba68cee81fa3e68d4d0ffae4a5d89cb2a44deba59f613dea8229ef841c6753249b372333c8353091cc6cedf9afeeaa64078342fed0c9 |
/storage/emulated/0/.teapot-1364008328/p3.jar
| MD5 | a3d96f7f321a3928262788df5a7e7dea |
| SHA1 | 62f01be413ef3a26fc60654f95c484b5d66576a5 |
| SHA256 | adf99270ed3c95afe59365623807965205cf9d852a62d15d27de1da50d59e376 |
| SHA512 | f1f01173c7264afff2f6721df329980c4e32c90aa01ece5376e661fe6c02e48cc90734b8bbf9e3984800e26a6adf3581783537823a0ef6d955368bdb12f4b79b |
/storage/emulated/0/.teapot-1364008328/p4.jar
| MD5 | bc85b12655de531728f8c6671c65b7d6 |
| SHA1 | d56cf4d7206817884435e431cc692d94c3954550 |
| SHA256 | ca90b0a4ec6b5bc9576d8578057702b2a6f56dff7f41ef23204e58140fbcf9d7 |
| SHA512 | d8239e987fcd8dd23c62bf50edc6471a6a5b70fa96cc7c0ea6b9c223e0b5377641ec9c7beb707b0247e9ecb7b89144c6a07ccd70eec0d78ead63bb226b60af56 |
/data/data/com.nicole.sdkmoon/files/umeng_it.cache
| MD5 | 26a0cd7a3f78c203f33642d618dcd76e |
| SHA1 | a1fde7dc95bda090255fb5a0b0f121d78d62a884 |
| SHA256 | ba08f24676ef1477482546391281882d4a73228efdcf82a46f5cd6c89d5b2340 |
| SHA512 | 3a0694b165f7e94d30864c17da332462fe4cdfa6cac5bca316100f130585290b89be8a6be57aab0d922743b219b0cc7d1587baf38ecb8c80cb99e787b6ed9350 |
/data/data/com.nicole.sdkmoon/files/.umeng/exchangeIdentity.json
| MD5 | 0fff91003a08f4aaa965edae0af03fb8 |
| SHA1 | 5166c817eebcace5f8c516b495518bd7366f6945 |
| SHA256 | c09c5348645aaa6cb8be744e9df8f81b95757f0eb4197d4aec51ddeaaa7bc0f8 |
| SHA512 | f05d6b00d4f2e78806622a9fba20e365ec4340db4bae5f8b78932688e50f82ce9bcf9a5209f90f7fd3067f8f9b0e4300930d6d506428d1118ea8225922c1a132 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-wal
| MD5 | addc89567c1a7c5423a9aaeac7a66970 |
| SHA1 | bfa9e55885be91a859e0705a4652da8e1b7b89bd |
| SHA256 | 4a4acd0467d741583c39960a358ca5dffd73656902284a6f54aaf4ee84386176 |
| SHA512 | 4071652de756fadbc99fbfbe97ab4c31bc7bb11ee31fa54dc743bd220ccbb05de818eda4cb4208cfde78e7c757c7b6a23b381f486fc010a9fb96db3415ce54e7 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/com.nicole.sdkmoon/files/mobclick_agent_cached_com.nicole.sdkmoon1
| MD5 | 97fcbec96109b402e21b4e45db3758ae |
| SHA1 | b27b85a82f757464cc933bd9fc8932a2dd1ac8b5 |
| SHA256 | 3119754b51451d65eb95ac5e368c861a8d6e045a29e1c035b60551de827e0faf |
| SHA512 | 1caef743181e5607787ef1a90e50cbac31fc8ffe44adfce075085fd49b5be85c8d1fb14646114211a4e4377560653a9361e8c6ebd95fba64df5ef427a21e0c43 |
/storage/emulated/0/.teapot-1364008328/p4.jar
| MD5 | a283be10f33c65d63da3b33a79fbde31 |
| SHA1 | 32e100729d75151ed8f55cf43bf1a99924f9acb3 |
| SHA256 | ae337d6a8048b3c58a1eee084866a97b03360a5799c262a6a4071012284f5f80 |
| SHA512 | 42b51a83a7aef421b19f49f617e316a7b1ddefae53aa1cac85514cf1befd1fee864b823e2331089bcd84225d1901a37da14df63251d3a2cd354a8c0b5b3cc7d5 |
/storage/emulated/0/.teapot-1364008328/p4.jar
| MD5 | 6c1c7d2cee58f00fca68d01a4a608749 |
| SHA1 | e323ec3a0149d47cb2df8a2cf2a1a419c9fa04b0 |
| SHA256 | 99af8a58ba6eb01a19ca70cc4a8daef05509e8f6ca309e17e31b36142a3d2f76 |
| SHA512 | 941bf43374d79389090bf6c600e8865de122a55bb58a355dc853f0dfe130c3d6793c3f99013fd1ed522fd22671b9a51141e34cd370de49e69e07006bdf5e7ecb |
/storage/emulated/0/.teapot-1364008328/p3.jar
| MD5 | 73c9f0f489ad01bf603ad3551afa66ce |
| SHA1 | 5aed3ec02883deb2b4d2406b4b8cf7c999bf2d38 |
| SHA256 | 0a6c9055d54fbca58339ed6837575c8244712fad7f55ab368e50f68f3dc8eccc |
| SHA512 | 4001af02e19551285b43f90386f215964dd9bf1e87b7596c66f64e884c5bb314360777bf7325c66d5d6dec1278ae4702ea730f9b5f65b9e10307daf065e37d56 |
/storage/emulated/0/.teapot-1364008328/p3.jar
| MD5 | 356220d3cbc7df0dab67f5eb575cdd54 |
| SHA1 | 8f67e5cdd4c2ab25d9ceec00b569f65314429b62 |
| SHA256 | 8fbde92c60de70a496f1b2cf51018b4553e47d63f1d1d253c47c8facd4d98a09 |
| SHA512 | 7f1336a4af92ccfcc8344ef68a60544f0fdebf8f89687f69d321b5b8b12e3ca4f2b996ef081682c16826a87260213ca921e4c4ea03d8e5685bcdd437e70ce2b4 |
/storage/emulated/0/.teapot-1364008328/p1.jar
| MD5 | 10700be83f3356588e410d245c59b808 |
| SHA1 | 729384d7eebc41a46fd61469014ab5449457822f |
| SHA256 | 6d0031de569a271501b08aa397e058d7247cec0073213c3efdfb3400d264e7ae |
| SHA512 | c87e7f6cde9e94d72b70760f663e37c1f2247b0eda48d97744da9c5b7ddc2b9b4db97c3bc592acdbb764bfc504066b9322d8524bfddc75d15fbddd75fe038de0 |
/storage/emulated/0/.teapot-1364008328/p1.jar
| MD5 | 7e8aaf7ffae02f451e04115b1acc078f |
| SHA1 | 6729f2cd4413c765b529342355ce5b8d4c0f7afb |
| SHA256 | a907d3414797c573c9db7ae5e58320cd42d61c5f5487aafacd47f5eca56605f9 |
| SHA512 | 865901d58a1c5fe2bf7a62d26041ec5941a40d4cf8325bf7b2d2c6e44b1cbddba992cfb95c126ca81894b88a9dededec8e5327ff347c2f35b9a5a8126b064038 |
/data/data/com.nicole.sdkmoon/files/pvgxuf
| MD5 | 8efaa6c7c1f8e9bf248c61e1ec659c10 |
| SHA1 | e95bed8262caeb921ddf057e4d24d0bf3152eed2 |
| SHA256 | f4c1f39fdcf134a86698f849ea7abaee4db15f2406da31e9686773c1a787c8ca |
| SHA512 | 9636a7dbafd1f17fe74fd2347f4fe3c7e61feb3d65640cabf544e6157d7109d9d046e8d9e02882352e2c1e1748db2e8becb8c6255742517c10345d6961877e2d |
/data/data/com.nicole.sdkmoon/files/pvgxuf
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.nicole.sdkmoon/files/.um/um_cache_1718209579742.env
| MD5 | 48adb8a83f2439a51d08b9684ef0192e |
| SHA1 | 56fe3da89eadb299e5f66ab4677da508bac476f8 |
| SHA256 | fe330b8b1f0185b213e813ca2d8926a2b516731eae601ed53dd48dbfc78020ed |
| SHA512 | a34ff32275063bc5b0b7ee3e557887fc2b0593e82d1324d0d7ce596eca5c5a2e9cd237326159b88eb61596156716e2648783472a44d0f6be6e053997b858da02 |
/data/data/com.nicole.sdkmoon/files/mobclick_agent_cached_com.nicole.sdkmoon1
| MD5 | 7b2fae134af14c412585dee3048a44d5 |
| SHA1 | 4d41de6fed0948a0d495b5e5c653bc18511eeb77 |
| SHA256 | 69bdd6bfd94fa0e41f9c358d74a0d4ce35cb54a371c7e5dbd7f8e3b42782f995 |
| SHA512 | 1e3941c53923b1733608cb4319b5fda37e62df79637108076823ff1481d10ed48c7cf800ff9739ce0cf41924e8eb89f9becfdcf48a8a28d6c9ee096606fcd385 |
/data/data/com.nicole.sdkmoon/databases/tanks.db-journal
| MD5 | c4c3f5ef7de2a5b94ef7a3292849a184 |
| SHA1 | 6fc2a243277f2a0dfe1d80c23a404d409ea8adb8 |
| SHA256 | e3063689cb533f4bf2f24d5e15d3f7dc83fc98eb9508da708ec79ddd9486ff24 |
| SHA512 | 5e0af620f309598f38ab4790927e6e18b2a6196f4a92e9acc6267e0e10ec03b470852f5163c5d5981c3be05b27e12bada0c3c44dc7e3ca02951d4752427fce25 |
/data/data/com.nicole.sdkmoon/databases/tanks.db
| MD5 | 939cf45d3b3ad0f0c80e232e55919a0c |
| SHA1 | cb06799fdb13a87ebe431f8207214fe745c66af9 |
| SHA256 | 215d257f2dd07c942d3adf91c09e60d12a4dcacee467ac6578cf20c97d35f492 |
| SHA512 | 3cc553dc400c0df10502ee416c094097bafecb6ec46af8098baed0e34edc5f5fd80b8a4cddf57770dd02675c651088883a6decb8f3ff84a564ab6826a02d4071 |
/data/data/com.nicole.sdkmoon/databases/tanks.db-wal
| MD5 | 68c4c18915e7b4481dcb6c8825769776 |
| SHA1 | f07fce9d3fc187cff4efe268a3e6aaf6a15be0e4 |
| SHA256 | 50142dc8f55d77dc17e3296fcb423707425dd21db92d730ef3af3229cfe3cdf6 |
| SHA512 | f3260e97e409ed2f0bfb7938909eb5677f534a7c3a08efbca044285ae646be3c6153fb1b0ef5043d8217b1f180c2a40fe983ef34e569e4e38fc5e440779da8d2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 16:25
Reported
2024-06-12 16:28
Platform
android-x64-20240611.1-en
Max time kernel
177s
Max time network
151s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p3.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p1.jar | N/A | N/A |
| N/A | /storage/emulated/0/.teapot-1364008328/p4.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.nicole.sdkmoon
com.nicole.sdkmoon:dog_service
com.nicole.sdkmoon:dog_service
com.nicole.sdkmoon:proxy_service
com.nicole.sdkmoon:proxy_service
com.nicole.sdkmoon:proxy_service
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | adlayt.cfglab.com | udp |
| US | 64.91.248.18:80 | adlayt.cfglab.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | ww1.cfglab.com | udp |
| DE | 64.190.63.136:80 | ww1.cfglab.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| GB | 142.250.200.10:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | tk.adtsk.mobi | udp |
| US | 44.200.43.61:80 | tk.adtsk.mobi | tcp |
| US | 1.1.1.1:53 | hot.xsech.xyz | udp |
| US | 54.244.188.177:80 | hot.xsech.xyz | tcp |
| US | 54.244.188.177:80 | hot.xsech.xyz | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| GB | 172.217.169.68:443 | tcp | |
| GB | 172.217.169.68:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 216.58.212.238:443 | tcp | |
| GB | 142.250.200.2:443 | tcp |
Files
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | 76466552c9c8947a94e61f06051cb124 |
| SHA1 | 1022eb73408e87cdfa785b0496d4ee0f22884d14 |
| SHA256 | 18b60859fedfc553ab1f637825c7ab53280464adaf8b7a94888922407cc7bd53 |
| SHA512 | aa6265f0f1b73ec4b5c308de60689b286d3f98aeb5a1051c5b41104a483b17e7dd95c0deceae17d59492d023e85f6fd8722fc97779d7128bfc41ac3d2a510e10 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db
| MD5 | 0908e924aa236931dc7166fef6e00862 |
| SHA1 | 7782648d6d8f6e835bd47058d4852932c096a467 |
| SHA256 | 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f |
| SHA512 | 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | fcea2653cd1337d35d5297db5009cb61 |
| SHA1 | 8bbf609a5d7c3c3f500e8f14a4488c89986e15bf |
| SHA256 | 2db86872a4ffe42050b54b92a477238ce7b2e0a44c1b0bac5655bfe204b688c6 |
| SHA512 | a619a5a5cf3d28cd16a9530cdb31ec4ae7a0e9ceed852b5989c0e75e0bb66295647bde36971ba7c0c006d58b524b294baf52c505fd5245e9eea29659de553427 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | db913ea711533e200747322bb66af1f2 |
| SHA1 | aa129e198101b24ae5bc48b7c1699f551a709b5d |
| SHA256 | fb78a4a35b5d032786e9def6b5a9f473e99167c10fda7c347fee8008854b84be |
| SHA512 | 68038af04e93af4b8d69b974f841b1b8c1e3fe622b57b49266b71bd4a7a7d8d8449ac233ffb7f81e98a65b3b157c50cd4d402d9374d952ea6d6ca5e453eb59ca |
/storage/emulated/0/.a/track_id.bin
| MD5 | 1418a4dbcb1afd095b8d9cb1a32eafe7 |
| SHA1 | 3d043c28014daf68bdfba89230ae82ea07592104 |
| SHA256 | 677b6721017f1ec9d12c6147507d935786f8b21b5294a9572f5ca362cfa2e00e |
| SHA512 | 84de0178d7b0f573f4ed6e3d5ad7b6e491c4f44ea8838e3de417c95fe1d3c9762688c82ca9bf44ac8afbe2b650aa8cff5ce31dc4fbdba117938ce9990eec2f9b |
/storage/emulated/0/.teapot-1364008328/p1.jar
| MD5 | f4343d42a561922d590624d07c4d139f |
| SHA1 | 81451ea5e1818ff8ffbb51c62cd638e56ace92fa |
| SHA256 | 408f47b2a45858c418b1277d962ba4c7b0a88fa7729915ab96818a58a695c472 |
| SHA512 | 23401825d8a24a7aa28eba68cee81fa3e68d4d0ffae4a5d89cb2a44deba59f613dea8229ef841c6753249b372333c8353091cc6cedf9afeeaa64078342fed0c9 |
/storage/emulated/0/.teapot-1364008328/p3.jar
| MD5 | a3d96f7f321a3928262788df5a7e7dea |
| SHA1 | 62f01be413ef3a26fc60654f95c484b5d66576a5 |
| SHA256 | adf99270ed3c95afe59365623807965205cf9d852a62d15d27de1da50d59e376 |
| SHA512 | f1f01173c7264afff2f6721df329980c4e32c90aa01ece5376e661fe6c02e48cc90734b8bbf9e3984800e26a6adf3581783537823a0ef6d955368bdb12f4b79b |
/storage/emulated/0/.teapot-1364008328/p4.jar
| MD5 | bc85b12655de531728f8c6671c65b7d6 |
| SHA1 | d56cf4d7206817884435e431cc692d94c3954550 |
| SHA256 | ca90b0a4ec6b5bc9576d8578057702b2a6f56dff7f41ef23204e58140fbcf9d7 |
| SHA512 | d8239e987fcd8dd23c62bf50edc6471a6a5b70fa96cc7c0ea6b9c223e0b5377641ec9c7beb707b0247e9ecb7b89144c6a07ccd70eec0d78ead63bb226b60af56 |
/data/data/com.nicole.sdkmoon/files/umeng_it.cache
| MD5 | 240444ae869d1d7f205ac0b7d26f4f98 |
| SHA1 | 66614534b8e8d4192b4b03f330b150e4cd675456 |
| SHA256 | f24f88c788e1ff72a8e8d4ddfbda79a9e9ad0278fcdb7eea59b8b0501e0128d1 |
| SHA512 | cc6aa2a826a6409d8a10a5cd34894f11ecc47212665116e8896e6691e7dc0c963163ab2742bd67d50a4dfe8d268826c2603e40a2689f36a96d853ce5897a5b8e |
/data/data/com.nicole.sdkmoon/files/.umeng/exchangeIdentity.json
| MD5 | 92f4be751517ccc2b77af33338c01fcb |
| SHA1 | 24c08dfcd58b9f6d9f7a578951188696ce2897a5 |
| SHA256 | 2b29c8853922d3d25637a5ff8640b8ea999bce78cc7566f9ff16b48e9cbc846f |
| SHA512 | 831caa6f995067bc427e6160973a811dc0bfe3296089e3bf57ba041e4d4f75db18f5f8201c27a840a5e42e80a6288018c6e0b8d76b1752f66df4103e5c0a5707 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | 16e2c836464cc415574a03a56ebd8279 |
| SHA1 | 8579a055161dcdbc8cbf812219efcc241130b6e9 |
| SHA256 | 370b943d0f0a30df57126cec5b927b6c4c14d884314c9e647cf7b6e72999f2b6 |
| SHA512 | 52109be72769993c4e105a37178505af010917b55030220406bc504f3b1be30d013792fe09d5b4264b1a985bab01eb7f242aa5107926cd7cfb120824e8af30b5 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db
| MD5 | 67c12933d1e0e63d9801a6aa43092ce7 |
| SHA1 | b6936908554e4a1986b8eb08289e2d3545e8ff74 |
| SHA256 | abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40 |
| SHA512 | db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | a8448d9c136dcf524a045e82d8f36ea6 |
| SHA1 | 032f44a4fe47393368fa84a584b95b95ca8b21b3 |
| SHA256 | cc471a3ff208148f20d68fdf98fe381bfbfa056d8cdde583467e4b8b5fe0db32 |
| SHA512 | 5b2b5d749f07054492890c4e9b6741f8c11e0749503e292102ae8bc8f48f5ac80fd6be4f54df7a427180fb3376b8611853ab9bb5ccbccf09bdec78eacf19f58a |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | 7b6a5bb4ccf8c2aaaf2d80f6a21a1ea5 |
| SHA1 | 3f086d83338b91cdb531a513cb84ab2974f979e6 |
| SHA256 | b51bd7bcb76af8619e652878b8e4bc092da399ec162f6091515cb34251cd586f |
| SHA512 | b637fb87cd1861fd003c0e5843822e8f3bfbaae6d903aaad3bf978e8ca20307a39473f7ec950f1b7abe6e0a97ce26b2a0726085d307d1f273e1042326dd3af28 |
/data/data/com.nicole.sdkmoon/files/mobclick_agent_cached_com.nicole.sdkmoon1
| MD5 | bba22cb7d45f881ecc059a63f580a431 |
| SHA1 | fb4cd2a9dcb5b077ee61dbde8f414c6ec3a49c0f |
| SHA256 | 3f57d84397805fe50588474945a94ce0aed6e2672b896d11266de272b0afac42 |
| SHA512 | 1ef6ba9429bc0868b6b1ba7b3581bdebe520524f431d4fd649955759a9f50f2208bca2131d74f0d3d54ce833a128a3d27b13c0f27e2ef52c6630b06a9a6d77f0 |
/storage/emulated/0/.teapot-1364008328/p1.jar
| MD5 | 10700be83f3356588e410d245c59b808 |
| SHA1 | 729384d7eebc41a46fd61469014ab5449457822f |
| SHA256 | 6d0031de569a271501b08aa397e058d7247cec0073213c3efdfb3400d264e7ae |
| SHA512 | c87e7f6cde9e94d72b70760f663e37c1f2247b0eda48d97744da9c5b7ddc2b9b4db97c3bc592acdbb764bfc504066b9322d8524bfddc75d15fbddd75fe038de0 |
/storage/emulated/0/.teapot-1364008328/p3.jar
| MD5 | 73c9f0f489ad01bf603ad3551afa66ce |
| SHA1 | 5aed3ec02883deb2b4d2406b4b8cf7c999bf2d38 |
| SHA256 | 0a6c9055d54fbca58339ed6837575c8244712fad7f55ab368e50f68f3dc8eccc |
| SHA512 | 4001af02e19551285b43f90386f215964dd9bf1e87b7596c66f64e884c5bb314360777bf7325c66d5d6dec1278ae4702ea730f9b5f65b9e10307daf065e37d56 |
/storage/emulated/0/.teapot-1364008328/p4.jar
| MD5 | a283be10f33c65d63da3b33a79fbde31 |
| SHA1 | 32e100729d75151ed8f55cf43bf1a99924f9acb3 |
| SHA256 | ae337d6a8048b3c58a1eee084866a97b03360a5799c262a6a4071012284f5f80 |
| SHA512 | 42b51a83a7aef421b19f49f617e316a7b1ddefae53aa1cac85514cf1befd1fee864b823e2331089bcd84225d1901a37da14df63251d3a2cd354a8c0b5b3cc7d5 |
/data/data/com.nicole.sdkmoon/files/pvgxuf
| MD5 | 74748fd79ba40c0caadae2ad09576182 |
| SHA1 | 8a7ed31f864739539c14b8bb2ec6a1599664d1bc |
| SHA256 | fbff76c1fe3e52a1a90c6dfaf970cb5950ea16b171fc3caddec7a8f58cdea9c8 |
| SHA512 | bbd8a4546cc5da558c84b3b8b3cd62792a13ee3292c452c82d71b24cec89478fef497aa2d4c895b64e650ebda7e9b2452753fbc0f4e85aa09fb299664e92b2c7 |
/data/data/com.nicole.sdkmoon/files/pvgxuf
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.nicole.sdkmoon/files/.um/um_cache_1718209542583.env
| MD5 | a85093888572f2c8dc066ac6197f131c |
| SHA1 | 91fa4491d89d774eaec0737c6f98354c1f76d766 |
| SHA256 | 3139cd2eae0ef5e8a0876a46af6b7973f7bf2b98b8635ae791195e6520ff0b54 |
| SHA512 | 15a3db91ae984d61c6661f9c81d976147b429e5d0cf3418773c0d1a8983d80a15b771ea8743085011041af89816015b6e5d116dc42e50818fe775d572aa69188 |
/data/data/com.nicole.sdkmoon/files/mobclick_agent_cached_com.nicole.sdkmoon1
| MD5 | 22a4811d6da3ca4ebdcc7ccc0b98d906 |
| SHA1 | 69eef5af92347f5886540a4c3a026b9d0e176a77 |
| SHA256 | 89aabbca7d8003b7d52985e88d19e18203bdd490436230814b8366458be110f2 |
| SHA512 | d82ac174f66847ab4f8552b0a8a41b8ea9c485be26043b6a27d6f2ca3ef1c71afebf213d8435dca92ad2c4adbe048562c1b38f69c1a1c36d023016ea27b8ebf9 |
/data/data/com.nicole.sdkmoon/databases/tanks.db-journal
| MD5 | f7037817416a1825f55c0b7f88cdd742 |
| SHA1 | 0db9de74e4e11c5765910c2916c613f0f4e7fff7 |
| SHA256 | 00bda5cbe8b2de9b26f4ff5dc9736dafe3dfafd26b0d23c4ce7fc9fda5c0381d |
| SHA512 | 88fd6eb491f065210eead3084202fd5a5dfee5e9e6a13dc0460fc7b5c32949cd5e0f28910fbe8f464269f1c9c7b3acfbab8cc0e5162221497c16170cbc78b7c1 |
/data/data/com.nicole.sdkmoon/databases/tanks.db
| MD5 | 4407717467e3987b8645846d912160b3 |
| SHA1 | fdf3d192178dd287a90569b3d7ba4259ee59a328 |
| SHA256 | b7f56770fcda9d083b50868afa79426a927e9881f02352d29c58d319ea969264 |
| SHA512 | 8c0b39bee3bc4bbd9c4530963010db2536e5876e90db13fe095a35c8953925067459bbe100bab184c980d862f34cc01029eb11b947c0e65b33e1b6ffa5f02de3 |
/data/data/com.nicole.sdkmoon/databases/tanks.db-journal
| MD5 | c12fe2f39c90b6c0431e1ede95aaac0c |
| SHA1 | 542e8cd5070e65ed8e461423d1832c14f2c21054 |
| SHA256 | 747e0d1e020e09fe8202c107e6be9552bfd498881ff071c7adea1ce9e2e441c3 |
| SHA512 | fbe814f0f401930c6c6cae15397781b1f322a526c66b49b82596f7051fd92fae8874a1c2f0818eb57f3460c0948f9ac85a38ac3bd216d3f4f11ab07f73bc61e6 |
/data/data/com.nicole.sdkmoon/databases/tanks.db-journal
| MD5 | ee9c4b21984fe21905ad8ab524564795 |
| SHA1 | 0a5ccb5a04c5c27d30d36c5cfafb9f77163fcc17 |
| SHA256 | ef28c7eec2792789985accb36817105442806f5cd2fdc6b37d3ce94574426946 |
| SHA512 | b357bdf7583c99fd56b9e7f95387e57b4f1c3fe3fafa9d8745783b0830b7621565fa28095e11c3a254ddad06259823e0f3cd7ff93ae5433c6dbdfe042be5f266 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 16:25
Reported
2024-06-12 16:28
Platform
android-x64-arm64-20240611.1-en
Max time kernel
12s
Max time network
143s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.nicole.sdkmoon
com.nicole.sdkmoon:dog_service
com.nicole.sdkmoon:dog_service
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | adlayt.cfglab.com | udp |
| US | 64.91.248.18:80 | adlayt.cfglab.com | tcp |
| US | 1.1.1.1:53 | ww7.cfglab.com | udp |
| US | 199.59.243.226:80 | ww7.cfglab.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| GB | 216.58.212.196:443 | tcp | |
| GB | 216.58.212.196:443 | tcp |
Files
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | 82b478b3ea93a3cdaa25fe92806f9a1a |
| SHA1 | 5f070fe5455c53b1d216618406b68796b18c742d |
| SHA256 | d2c3fa95a94555f819be13a212d5ca73a429e13ca52e3e9f0083eb6c25a5577b |
| SHA512 | 120bd7e18a4cedb6e1c4b4baa3ab73088d9e127af0d0348c00b8b3d357ca83937cad17983d696ed875c961610ec276cf8af571fe5a3b2758b1d5231fee754585 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db
| MD5 | 4cfe777c9f6e7859f5efe2197401d8e5 |
| SHA1 | bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a |
| SHA256 | c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231 |
| SHA512 | 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | b6b4877195dd07022ffcc7a03f02e915 |
| SHA1 | d81894009719ecec4baff50782b570e0c0f6a978 |
| SHA256 | e0e6dca55210cd767344c4560d21f4d836a56bacb7949292d6e0aeb42116da55 |
| SHA512 | 804a48af207c488d7681250b43728002c42c48c7105d35681bb2bf40d487810c24bee2496b47633a9267f11946621ef343b6aa769516b64836df2a10d9e73394 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | a386c615e92ce37c8d75d1be74e51a33 |
| SHA1 | bbde402a2dd7cdcca64b8f796362dfe789fb5d18 |
| SHA256 | aa62c81d58f6510891d72df3ba2158b2de4137cb27d5d8decf79e5888c42771e |
| SHA512 | d4558063ea9fc1ad7ae963c1ff509f566cb13bba311f775561e8bcab437124b3ed5293b1b7b8726bec0126f784d037c1e410138ead5e0d6542cba49166312449 |
/storage/emulated/0/.a/track_id.bin
| MD5 | 3826638e175f671be9571c1775aed39b |
| SHA1 | 08a56869f63dfb67e6015eed3cb53a9d8df56983 |
| SHA256 | 6efd6a9ec245507d7030a5f2422af35747123ae7fe904d18231253e57bfbcc3c |
| SHA512 | f49b2ed76bce4e57f0975407e73d1164fb1a2c35518f0f33c1365c38432163f17795d83f3fcac5e1050ed9df087628301b559832ff2839a982cc37e409b1fd79 |
/storage/emulated/0/.teapot-1364008328/p1.jar
| MD5 | f4343d42a561922d590624d07c4d139f |
| SHA1 | 81451ea5e1818ff8ffbb51c62cd638e56ace92fa |
| SHA256 | 408f47b2a45858c418b1277d962ba4c7b0a88fa7729915ab96818a58a695c472 |
| SHA512 | 23401825d8a24a7aa28eba68cee81fa3e68d4d0ffae4a5d89cb2a44deba59f613dea8229ef841c6753249b372333c8353091cc6cedf9afeeaa64078342fed0c9 |
/storage/emulated/0/.teapot-1364008328/p3.jar
| MD5 | a3d96f7f321a3928262788df5a7e7dea |
| SHA1 | 62f01be413ef3a26fc60654f95c484b5d66576a5 |
| SHA256 | adf99270ed3c95afe59365623807965205cf9d852a62d15d27de1da50d59e376 |
| SHA512 | f1f01173c7264afff2f6721df329980c4e32c90aa01ece5376e661fe6c02e48cc90734b8bbf9e3984800e26a6adf3581783537823a0ef6d955368bdb12f4b79b |
/storage/emulated/0/.teapot-1364008328/p4.jar
| MD5 | bc85b12655de531728f8c6671c65b7d6 |
| SHA1 | d56cf4d7206817884435e431cc692d94c3954550 |
| SHA256 | ca90b0a4ec6b5bc9576d8578057702b2a6f56dff7f41ef23204e58140fbcf9d7 |
| SHA512 | d8239e987fcd8dd23c62bf50edc6471a6a5b70fa96cc7c0ea6b9c223e0b5377641ec9c7beb707b0247e9ecb7b89144c6a07ccd70eec0d78ead63bb226b60af56 |
/data/user/0/com.nicole.sdkmoon/files/umeng_it.cache
| MD5 | 1c82dfe3f97acd9194601c75c7c214ea |
| SHA1 | f5994fc271a3f2a82909294a5850d6129341fab4 |
| SHA256 | 057e050d0e8c8b0314047b537d784342a2c411c7d1884730fec32b723df7130b |
| SHA512 | d5f077fc042fae227af5dfd8c1875393dd51856ce96ec9dd7c3f613e36d19eeae727cedcbe81c7cc1d69eb8586242bc0482d76c8b78f65b47a4a857b4297b3d7 |
/data/user/0/com.nicole.sdkmoon/files/.umeng/exchangeIdentity.json
| MD5 | 4fd659de4b100ad68505adcc89c04730 |
| SHA1 | 7c05483616bb89aa770a464d880601b7b5b7c30e |
| SHA256 | 914d1628fc39f4a0b7958b7555b082cacc8f33e7fba21d61a7a5f738eb105b28 |
| SHA512 | e5164f18259246d05f0415d2162af7b3b1c23c26dc396a28dab5a2c21ac365ed7fc9285f311ba4ee49597e95b7dbe2c8ae6439b24508a38a323e5ff7a3f35f4c |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | be69a021d9ccb0fc02a283a85b219216 |
| SHA1 | 8ac13de5e2c72fef23d72874954676ceab7e45b6 |
| SHA256 | 9e73f437d37b9823992711fbfbf5c0c6ba8a18444b3c2ca148774ad2a7628490 |
| SHA512 | 1c6b606a1f02674bf7b00e94d12797d10d19a1759ffe2e7bcc911980bf04ddfdeeddaa120d3b9471506975cd310bd0a8690ed20190f06186d1f0af46f7f0d084 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db
| MD5 | 86752a4be6564d8370f2f0e403995003 |
| SHA1 | 29f7d50675f6e59f3b808eb6dcc8619384412115 |
| SHA256 | 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c |
| SHA512 | 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | 20694874b7c5bf4def60d7ee8c11ac9c |
| SHA1 | 6d40069fe549e7f415cbf01163f54b75ef897ece |
| SHA256 | 0af39642d7dea393d4a3eefd21679a22a7a634f6d95edf7a5b7cc1c2368f41e3 |
| SHA512 | c8b64e8ec67b8028a535e2c16b3d26a8a6d9b6465abe0321a4e652e2852684a3833d5f9ff058939e1608a08b34f910b538f518ebca2b405447fabf7b51eba670 |
/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
| MD5 | 4b55cbdbc1c51d4b413e7cffea1c88f9 |
| SHA1 | e07ea03fea73445f8d532ffd979f8475748e5bfa |
| SHA256 | b3e83ed14f5d7726d9361e6c602c59a429b659b021c185086be7b70532bde392 |
| SHA512 | 7e2d0692d2a2b83ebc4e192022134ecb60945b6c05cbed5ca3cbcbae8b1b646b0fc16af547ae3532353cc9d36cce7e8ca88d954726f49be23dd735f4009aaa3e |